Function

SecKeyRawSign

Generates a digital signature for a block of data.

Declaration

OSStatus SecKeyRawSign(SecKeyRef key, SecPadding padding, const uint8_t *dataToSign, size_t dataToSignLen, uint8_t *sig, size_t *sigLen);

Parameters

key

Private key with which to sign the data.

padding

The type of padding to use. Possible values are listed in SecPadding. Use kSecPaddingPKCS1SHA1 if the data to be signed is a SHA1 digest of the actual data. If you specify kSecPaddingNone, the data is signed as-is.

dataToSign

The data to be signed. Typically, a digest of the actual data is signed.

dataToSignLen

Length in bytes of the data in the dataToSign buffer. When PKCS1 padding is performed, the maximum length of data that can be signed is 11 bytes less than the value returned by the SecKeyGetBlockSize function (SecKeyGetBlockSize() - 11).

sig

On return, the digital signature.

sigLen

On entry, the size of the buffer provided in the sig parameter. On return, the amount of data actually placed in the buffer.

Return Value

Discussion

The behavior of this function with kSecPaddingNone is undefined if the first byte of the data to sign is 0; there is no way to verify leading zeroes, as they are discarded during the calculation.
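The leading-zero problem described above, shown with a toy textbook-RSA computation: two inputs that differ only by a leading zero byte produce the same unpadded signature, so a verifier cannot tell them apart. This is an added example, not Apple's implementation or code from this page; the tiny key and the names `toy_raw_sign`, `toy_raw_recover` and `sign_input_ok` are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy RSA key (textbook values, far too small for real use). */
#define TOY_N 3233u   /* 61 * 53 */
#define TOY_E 17u
#define TOY_D 2753u

/* Big-endian bytes -> integer, the conversion done before exponentiation.
   Leading zero bytes contribute nothing to the result. */
static uint64_t os2ip(const uint8_t *buf, size_t len) {
    uint64_t v = 0;
    for (size_t i = 0; i < len; i++) v = (v << 8) | buf[i];
    return v;
}

/* Square-and-multiply modular exponentiation. */
static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* Hypothetical stand-ins for an unpadded sign and the verifier's recovery. */
uint64_t toy_raw_sign(const uint8_t *data, size_t len) {
    return modpow(os2ip(data, len), TOY_D, TOY_N);
}
uint64_t toy_raw_recover(uint64_t sig) {
    return modpow(sig, TOY_E, TOY_N);
}

/* Hypothetical pre-flight check for the two input rules stated on this page.
   pkcs1 != 0 selects the PKCS1 rule. Returns 1 if acceptable, 0 otherwise. */
int sign_input_ok(int pkcs1, size_t block_size, const uint8_t *data, size_t len) {
    if (data == NULL || len == 0) return 0;
    if (pkcs1) return block_size > 11 && len <= block_size - 11;
    return data[0] != 0;   /* unpadded: a leading zero byte would be lost */
}

int main(void) {
    const uint8_t a[] = {0x41}, b[] = {0x00, 0x41};   /* constructed inputs */
    printf("sig(a)=%llu sig(b)=%llu recovered=%llu\n",
           (unsigned long long)toy_raw_sign(a, 1),
           (unsigned long long)toy_raw_sign(b, 2),
           (unsigned long long)toy_raw_recover(toy_raw_sign(b, 2)));
    return 0;
}
```

The recovered value is the integer 0x41 in both cases; nothing in the signature records whether the signed buffer was one byte or two.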

See Also

Legacy iOS Key Operations

SecKeyGeneratePair

Creates an asymmetric key pair.

SecKeyEncrypt

Encrypts a block of plaintext.

SecKeyDecrypt

Decrypts a block of ciphertext.

SecKeyRawVerify

Verifies a digital signature.

SecPadding

The types of padding to use when you create or verify a digital signature.